this post was submitted on 16 Aug 2024
688 points (98.9% liked)

Technology

58009 readers
3042 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
688
All Windows users should immediately update their computers. An exploit rated 9.8/10 (CVE-2024-38063) compromises all devices running Windows with an IPv6 address. (msrc.microsoft.com)
submitted 3 weeks ago* (last edited 3 weeks ago) by hal_5700X@sh.itjust.works to c/technology@lemmy.world
208 comments fedilink hide all child comments
 

archive

If you have the August 13, 2024—KB5041580 update. You're good.

you are viewing a single comment's thread
view the rest of the comments
[–] osaerisxero@kbin.melroy.org 93 points 3 weeks ago (55 children)

As a networking nerd, I am endlessly frustrated with how many otherwise smart people are just 'fuck ipv6 lmao'

Giving me goddamn flashbacks to this https://www.youtube.com/watch?v=v26BAlfWBm8

[–] Trainguyrom@reddthat.com 45 points 3 weeks ago (40 children)

IPv6 genuinely made some really good decisions in its design, but I do question the default "no NAT, no private network prefixes" mentality since that's not going to work so well for average Janes and Joes

[–] r00ty@kbin.life 15 points 3 weeks ago (2 children)

Routers simply need to block incoming unestablished packets (all modern routers allow for this) to replicate NAT security without NAT translation. Then you just punch holes through on IP addresses and ports you want to run services on and be done with it.

Now, some home routers aren't doing this by default, but they absolutely should be. That's just router software designers being bad, not IPv6's fault, and would get ironed out pretty quick if there was mass adoption and IPv4 became the secondary system.

To be clear, this is not a reason not to be adopting IPv6.

[–] Archer@lemmy.world 2 points 3 weeks ago (1 children)

Routers simply need to block incoming unestablished packets

This is called a firewall

[–] r00ty@kbin.life 1 points 3 weeks ago

Yes, and no. A firewall is still a firewall if it is configured to have all ports open. The Linux kernel firewall is still active, even though its default configuration is, everything open.

My point is, for some reason there are some that are not configured to block incoming IPv6 by default. When that should be the standard home/consumer router default setting. Then the user can open ports to ips as they need them.

load more comments (37 replies)
load more comments (51 replies)